DETAILED ACTION

1. Claims 1-19 remain for examination. The correspondence filed 5/29/07 amended
claims 1, 7, 13, and 14; and added claim 19. 

Response to Arguments 

2. Applicant's arguments filed 5/29/07 have been fully considered but they are not 
persuasive. Applicant primarily argues that the additional limitation added to 
independent claims 1 and 7, as well as dependent claim 14, would render the claims 
allowable over the prior art. Examiner strenuously disagrees, noting that the limitation 
wherein the claimed invention is capable of determining if a proposed new password 
meets a defined criteria before changing said password had not only been long since 
obvious in the art, it was in fact disclosed in subsequent references describing the
P-Synch invention. The rejections have been rewritten so as to more particularly point out
the limitations of the amended claims. It is also noted that, contrary to Applicant's 
assertion, claim 13 was not amended to add the new limitation in question but rather to 
correct minor typographical errors. Applicant's arguments vis-a-vis the new limitation do 
not apply to claim 13 or to claims 15-18 which depend directly upon claim 13; 
accordingly, the rejections of those claims under 35 USC 102(b) remain in effect. 

Applicant additionally argues on page 10 of the amendment: 

P-synch employs scripts; however, the use of scripts in this application is limited. For
example, page 3, paragraph 3 in the P-Synch article states that "On Linux and UNIX
systems, P-Synch modifies passwords directly by interacting with the passwd (sic) [1]
program, not through a script (which would provide a potential security hole)."
[...]
The P-Synch article actually teaches away from this use of the script, in that the article
teaches that a more active role of the script might provide a potential security hole.

[1] For the record, "passwd" is not a typographical error (cf. SPM, page 150, 2nd column).

Applicant's selective quotation from the cited paragraph indicates a flawed 
analysis of the prior art. The cited paragraph begins by disclosing that in all cases,
P-Synch uses a script called "psynch.conf" to manage password changes (line 1).
Depending on the nature of the computer or application that requires a password 
change, this script may function in subtly different fashion. In the specific scenario 
quoted by the Applicant, wherein P-Synch is to change the password of a Linux or Unix 
computer, observe that the "psynch.conf" script runs the executable program "passwd"
directly, rather than effect the change indirectly via the use of an additional script [the 
security hole]; this arrangement is permitted under the claim language (e.g. claim 1: "a 
script for... running an executable program"). Also notice that the admonition quoted by
Applicant does not even apply to non-Unix [i.e. Windows etc.] computers; when
P-Synch is to change a password for a non-Unix computer, or change the password of an
application on a Unix or Windows computer, the psynch.conf script invokes one or more
other scripts ["a set of scripts" as per claims 7 and 13] to perform those password 
changes (see lines 7-11). Thus the prior art not only fails to teach away from the instant 
invention, but also in fact discloses every embodiment of the claimed invention. 

Applicant concludes the amendment with the following curious statement: 

The other references of record have been reviewed, and these other references, whether 
considered individually or in combination, also do not disclose or render obvious the 
above-discussed feature of this invention. 

For example, the P-Synch Installation and Configuration Guide describes in detail how to 
install and configure the P-Synch application; however, there is no disclosure or 
suggestion in this guide of using script to determine whether a propped [sic] new 
password is acceptable.

Examiner respectfully draws Applicant's attention to page 11 of the P-Synch Installation
Guide submitted in the previous Office Action, at line item #4; as well as section 3.4.1:
"Password strength policy", wherein it is disclosed that P-Synch ensures that new 
passwords must meet a variety of criteria in order to be accepted. Furthermore, the 
entirety of Chapter 21 (pages 123-128) explains in great detail how one may configure 
the P-Synch product to customize the criteria by which new prospective passwords are 
to be judged. The other prior art previously on the record are replete with similar 
teachings, as will be made apparent below. 

Claim Rejections - 35 USC § 102 

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

4. Claims 13 and 15-18 are rejected under 35 U.S.C. 102(b) as being anticipated by
the Linux Journal article "P-Synch" [2].

Regarding claim 13:

P-Synch discloses a program storage device that implements a method
comprising: accumulating a set of passwords in a password management facility, each
of said passwords being associated with a computer application having a password
change procedure (page 3, 2nd paragraph: "/etc/passwd"); providing the password
management facility with a set of scripts to operate the password change procedures of
the associated applications (page 3, 3rd paragraph); and invoking the scripts to change
passwords (Ibid).

[2] Examiner observes that not only does P-Synch anticipate the claimed subject matter in full, but that the
reference explicitly teaches wherein a password management facility that uses a set of scripts to change
the passwords of one or more computers or applications from a single location was "an obvious solution"
to those of ordinary skill in the art (page 1, last line), for several years prior to the instant invention.

Regarding claim 15: 

P-Synch further discloses wherein the graphical user interface includes a series 
of activatable display elements, each display element being shown adjacent to one of 
the passwords to invoke script for changing said one password (page 4, 1st paragraph).

Regarding claim 16: 

P-Synch further discloses wherein each of the scripts simulates a set of 
keystroke entries or an executable program to change the password for one of the 
applications (page 3, 3rd paragraph).

Regarding claim 17: 

P-Synch further discloses wherein the applications are selected from the group 
including workstation applications, legacy host applications, server applications, and 
networked applications (page 2, 3rd paragraph).

Regarding claim 18: 

P-Synch further discloses wherein the passwords are encrypted in said storage 
(page 3, 3rd paragraph: "...encryption schemes that manage password files").

5. Claims 1-12 and 19 are rejected under 35 U.S.C. 102(b) based upon a public use
or sale of the invention. Examiner has discovered a version of the "P-Synch Installation
and Configuration Guide", older than the copy already on the record, describing the
aforementioned P-Synch product as it was known to exist on or around May 2002.

Regarding claim 1: 

P-Synch discloses a tool for managing passwords, comprising: storage for a 
plurality of current passwords for a plurality of respective applications (page 7, section 
"2.4 Self-service profile management"; note that the systems disclosed can include 
applications such as those listed on the chart on page 20); means for displaying a 
reminder to change one or more passwords ("Password expiry early notification client" 
on pages 122-123); and a script for simulating keystroke entries, or running an 
executable program, to automatically perform a password change in said respective 
applications for said current passwords of said reminder (e.g. pages 585-587) wherein 
the script tests proposed new passwords to determine if said proposed new passwords 
meet a defined criteria, and the script changes a password only if the proposed new 
password meets the defined criteria (e.g. page 2, "Enforcing strong password rules..."). 

Regarding claim 7: 

P-Synch discloses a method comprising: accumulating a set of passwords in a 
password management facility, each of said passwords being associated with a 
computer application having a password change procedure (page 7, section "2.4
Self-service profile management"; note that the systems disclosed can include applications
such as those listed on the chart on page 20); providing the password management 
facility with a set of scripts to operate the password change procedures of the 
associated applications (e.g. pages 585-587); and invoking the scripts to change 
passwords (Ibid) wherein the scripts test proposed new passwords to determine if said 
proposed new passwords meet a defined criteria, and the scripts change a password 
only if the proposed new password meets the defined criteria (pages 2, 4, and 124-126). 

Regarding claims 2 and 11: 

P-Synch further discloses wherein the applications are selected from the group 
including workstation applications, legacy host applications, server applications, and 
networked applications (page 20, Table 5.1). 

Regarding claim 3: 

P-Synch further discloses means for displaying a list of passwords (Figure 12.2. 
on page 186) and means for displaying a graphical user interface for invoking the script 
to change passwords (via a web browser GUI: page 190; see also page 64). 

Regarding claims 4 and 9: 

P-Synch further discloses wherein the graphical user interface includes a series 
of activatable display elements, each display element being shown adjacent to one of 
the passwords to invoke script for changing said one password (pages 183-186).

Regarding claim 5:

P-Synch further discloses wherein at least some of the applications include a 
password change form and require a series of actions to get to the password change 
form, and the script includes means to perform said series of actions to get to the 
password change form ("Native Password management": see page 191 etc). 

Regarding claims 6 and 12: 

P-Synch further discloses wherein the passwords are encrypted in said storage 
("hashed" passwords: see page 7, "2.4 Self-service profile management"; see also the 
encrypted password cache on page 136). 

Regarding claim 8: 

P-Synch further discloses accessing the password management facility (e.g. 
pages 183-187); said password management facility displaying a list of passwords and 
a graphical user interface for invoking the scripts (Ibid); and using said graphical user 
interface to activate the scripts to change the passwords (pages 185-186). 

Regarding claim 10: 

P-Synch further discloses wherein each of the scripts simulates a set of 
keystroke entries or an executable program to change the password for one of the 
applications (simulates keystrokes on page 587; runs an executable program ["native 
password change"] on page 5, "2.1.2 Transparent synchronization").

Regarding claim 19:

P-Synch further discloses wherein the defined criteria are based on data from a 
user table (the user's password history table: page 7, section "2.4 Self-service profile 
management"; see also pages 124-128, particularly page 126). 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 1-12, 14, and 19 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over the Linux Journal article "P-Synch", and further in view of "SPM: 
System for Password Management" (see the IDS filed 10/7/03; hereinafter, "SPM"). 

Regarding claim 1: 

P-Synch discloses a tool for managing passwords, comprising: storage for a
plurality of current passwords for a plurality of respective applications (page 1, "...each
individual application that has its own user and password lists..."); means for displaying
a reminder to change one or more passwords (inherent to the passwd program that the
P-Synch program interacts with, see page 3, 3rd paragraph); and a script for simulating
keystroke entries, or running an executable program, to automatically perform a
password change in said respective applications for said current passwords of said
reminder (page 3, 3rd paragraph).

The Linux Journal article does not explicitly mention "wherein the script tests 
proposed new passwords to determine if said proposed new passwords meet a defined 
criteria, and the script changes a password only if the proposed new password meets 
the defined criteria". However, SPM discloses an analogous password management 
tool wherein the tool is configured to check if the proposed new password satisfied one 
or more criteria before changing the password (page 152, "Password History Checking" 
and "Password Checking"). It would have been obvious to one of ordinary skill in the art 
for the P-Synch password management script to verify that a new password conforms to 
one or more defined criteria before making the change. The motivation for doing so 
would be to ensure that a user's password cannot easily be cracked by common 
algorithms used to guess passwords (SPM, page 152, "Password Checking"). 

Regarding claim 7: 

P-Synch discloses a method comprising: accumulating a set of passwords in a 
password management facility, each of said passwords being associated with a 
computer application having a password change procedure (page 3, 2nd paragraph:
"/etc/passwd"); providing the password management facility with a set of scripts to
operate the password change procedures of the associated applications (page 3, 3rd
paragraph); and invoking the scripts to change passwords (Ibid).

The Linux Journal article does not explicitly mention wherein the scripts test
proposed new passwords to determine if said proposed new passwords meet a defined
criteria, and the scripts change a password only if the proposed new password meets
the defined criteria. However, SPM discloses an analogous password management tool
wherein the tool is configured to check if the proposed new password satisfied one or
more criteria before changing the password (page 152, "Password History Checking"
and "Password Checking"). It would have been obvious to one of ordinary skill in the art 
for the P-Synch password management scripts to verify that a new password conforms 
to one or more defined criteria before making the change. The motivation for doing so 
would be to ensure that a user's password cannot easily be cracked by common 
algorithms used to guess passwords (SPM, page 152, "Password Checking"). 

Regarding claims 2 and 11:

P-Synch further discloses wherein the applications are selected from the group 
including workstation applications, legacy host applications, server applications, and 
networked applications (page 2, 3rd paragraph).

Regarding claim 3: 

P-Synch further discloses means for displaying a list of passwords (inherent to 
Linux/Unix: cat /etc/passwd) and means for displaying a graphical user interface for 
invoking the script to change passwords (page 2, 2nd paragraph; page 4, 1st paragraph).

Regarding claims 4 and 9:

P-Synch further discloses wherein the graphical user interface includes a series 
of activatable display elements, each display element being shown adjacent to one of 
the passwords to invoke script for changing said one password (page 4, 1st paragraph).

Regarding claim 5: 

P-Synch further discloses wherein at least some of the applications include a 
password change form and require a series of actions to get to the password change 
form, and the script includes means to perform said series of actions to get to the 
password change form (page 2, 3rd paragraph; page 3, 3rd and 4th paragraphs).

Regarding claims 6 and 12: 

P-Synch further discloses wherein the passwords are encrypted in said storage 
(page 3, 3rd paragraph: "...encryption schemes that manage password files").

Regarding claim 8: 

P-Synch further discloses accessing the password management facility (page 3,
3rd paragraph); said password management facility displaying a list of passwords and a
graphical user interface for invoking the scripts (page 2, 2nd paragraph; page 4, 1st
paragraph); and using said graphical user interface to activate the scripts to change the
passwords (Ibid).

Regarding claim 10:

P-Synch further discloses wherein each of the scripts simulates a set of 
keystroke entries or an executable program to change the password for one of the 
applications (page 3, 3rd paragraph).

Regarding claim 14: 

P-Synch discloses all the limitations of claim 13 as discussed on pages 4-5 of 
this Action, as well as the limitations this claim has in common with claim 8 as above: 
However, the Linux Journal article does not explicitly mention wherein the scripts test 
proposed new passwords to determine if said proposed new passwords meet a defined 
criteria, and the scripts change a password only if the proposed new password meets 
the defined criteria. Instead, SPM discloses an analogous password management tool 
for changing passwords on a plurality of computers and applications wherein the tool is 
configured to check if the proposed new password satisfied one or more criteria before 
changing the password (page 152, "Password History Checking" and "Password
Checking"). It would have been obvious to one of ordinary skill in the art for the
P-Synch password management scripts to verify that a new password conforms to one or
more defined criteria before making the change. The motivation for doing so would be
to ensure that a user's password cannot easily be cracked by common algorithms used
to guess passwords (SPM, page 152, "Password Checking").

Regarding claim 19:

SPM further discloses wherein the defined criteria is based on data from a user 
table (page 152: "User Verification", 3rd paragraph; and "Password History Checking",
2nd paragraph).

Conclusion 

8. The prior art made of record and not relied upon, which Applicant declared as 
having been reviewed and found wanting (page 10 of the amendment, 4th paragraph),
also contains references to the new limitation found in the amended claims: 

• the "yp_passwd.c" reference submitted in the previous Office Action discloses 
wherein it was well known that password programs could check that proposed 
new passwords satisfy one or more criteria before accepting the new password, 
including that the password must be more than five characters long (page 4, lines 
34-37) and that it must not consist solely of lower-case characters (lines 38-42). 

• The Mozilla reference submitted in the previous Office Action discloses the 
existence of a password quality meter which measures passwords against 
various criteria for security purposes (page 3, second paragraph from bottom) 

9. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within
TWO MONTHS of the mailing date of this final action and the advisory action is not
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tom Gyorfi whose telephone number is (571) 272-3849. 
The examiner can normally be reached on 8:30am - 5:00pm Monday - Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov.

Should you have questions on access to the Private PAIR system, contact the 
Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like
assistance from a USPTO Customer Service Representative or access the automated
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.